Handling of digital certificates

US9960923B2 · US · B2

Patent metadata
Publication number: US-9960923-B2
Application number: US-201314766573-A
Country: US
Kind code: B2
Filing date: Mar 3, 2013
Priority date: Mar 5, 2013
Publication date: May 1, 2018
Grant date: May 1, 2018

Abstract

Official abstract text for this publication.

A method for handling digital certificates in a communication network is described. The communication network comprises a first certificate authority (110-116) having issued at least one digital certificate. The method comprises determining (216) whether a revocation condition for revoking the at least one digital certificate is fulfilled. The at least one digital certificate has been issued by the first certificate authority, and it is valid and not revoked. The method further comprises, based on a result of the determining step (216), revoking (404), by the first certificate authority (110-116), the at least one digital certificate, and, based on the same result, issuing, by a second certificate authority (110-116), at least one further digital certificate for the revoked at least one digital certificate. An associated system, methods in the involved network entities, the involved network entities themselves, and computer programs are also described. Security handling in a communication network whose number of network nodes may fluctuate and/or which may comprise numerous network nodes can therefore be performed in an easy and efficient way.

First claim

Opening claim text (preview).

The invention claimed is:

1. A method for handling digital certificates in a communication network, the communication network comprising a first certificate authority having issued at least one digital certificate, the method comprising: determining whether a revocation condition for revoking the at least one digital certificate is fulfilled, wherein: the at least one digital certificate was issued by the first certificate authority; the at least one digital certificate is valid and not presently revoked; and any given digital certificate that is not revoked is uniquely identified by a unique identifier; based on a result of the determining: revoking, by the first certificate authority, the at least one digital certificate; and issuing, by a second certificate authority, at least one further digital certificate to have a same unique identifier as one of the at least one digital certificate that is revoked.

2. The method of claim 1, further comprising: prior to the determining, determining whether a trust relation addition condition for adding a trust relation in at least one network node of the communication network to the second certificate authority is fulfilled; and based on a result of determining whether the trust relation addition condition is fulfilled, establishing a trust relation in the at least one network node of the communication network to the second certificate authority.

3. The method of claim 2, wherein the establishing comprises sending, to a network managing node, information for the network managing node to send information to the at least one network node to add a trust relation in the at least one network node to the second certificate authority.

4. The method of claim 2, further comprising stopping, based on the result of the determining whether the trust relation addition condition is fulfilled, by the first certificate authority, to issue a further digital certificate and enabling the second certificate authority to issue the at least one further digital certificate.

5. The method of claim 2, further comprising, based on the result of the step of determining whether the trust relation addition condition is fulfilled, creating the second certificate authority.

6. The method of claim 4, wherein the following are performed in parallel: the stopping, by the first certificate authority, to issue a further digital certificate; and the enabling the second certificate authority, to issue the at least one further digital certificate.

7. The method of claim 2, further comprising: stopping, based on the result of the determining whether the trust relation addition condition is fulfilled, by the first certificate authority, to issue a further digital certificate and enabling the second certificate authority to issue the at least one further digital certificate; and subsequent to determining whether the trust relation addition condition is fulfilled, determining whether the first certificate authority is enabled to issue a further digital certificate; and wherein, if the first certificate authority is enabled to issue a further digital certificate, the stopping, by the first certificate authority, to issue a further digital certificate and the enabling the second certificate authority to issue the at least one further digital certificate are performed; and wherein, if the first certificate authority is not enabled to issue a further digital certificate; the determining whether the revoking condition is fulfilled is performed.

8. The method of claim 2: wherein the at least one network node comprises a trust relation to the first certificate authority; further comprising, subsequent to the revoking, by the first certificate authority, the at least one digital certificate, removing the trust relation to the first certificate authority in the at least one network node.

9. The method of claim 3, wherein the establishing and/or the removing is performed by operation and maintenance means.

10. The method of claim 1, further comprising revoking the first certificate authority subsequent to the removing the trust relation in the at least one network node to the first certificate authority.

11. The method of claim 1, further comprising receiving, by the first certificate authority, a request for revoking the at least one digital certificate.

12. The method of claim 1: wherein at least one condition of the revocation condition is associated with at least one threshold; and wherein the determining whether the at least one revocation condition is fulfilled comprises: comparing a corresponding characteristic with the at least one threshold; and determining that the at least one revocation condition is fulfilled if the corresponding characteristic is equal to or above the at least one threshold.

13. The method of claim 1, wherein at least one condition of the revocation condition is related to at least one of: a length of a certificate revocation record in the first certificate authority for digital certificates having been revoked by the first certificate authority; a number of entries in the certificate revocation record in the first certificate authority; an elapsed life time of the first certificate authority since a creation of the first certificate authority; a remaining life time of the first certificate authority; a number of digital certificates in the first certificate authority, the digital certificates being valid and being not revoked; a ratio between digital certificates revoked by the first certificate authority and digital certificates issued by the first certificate authority; the first certificate authority being compromised; and an administrative reason affecting the first certificate authority selected from the group consisting of: a change of a name of the first certificate authority, a shutdown of the first certificate authority, a change of a platform of the first certificate authority, and maintenance work for the first certificate authority.

14. The method of claim 2: wherein at least one condition of the trust relation addition condition; wherein the determining whether the at least one trust relation addition condition is fulfilled comprises: comparing a corresponding characteristic with the at least one threshold; and determining that the at least one trust relation addition condition is fulfilled if the corresponding characteristic is equal to or above the at least one threshold.

15. The method of claim 2, wherein at least one condition of the trust relation addition condition is related to at least one of: a length of a certificate revocation record in the first certificate authority for digital certificates having been revoked by the first certificate authority; a number of entries in the certificate revocation record in the first certificate authority; an elapsed life time of the first certificate authority since a creation of the first certificate authority; a remaining life time of the first certificate authority; a number of digital certificates in the first certificate authority, the digital certificates being valid and being not revoked; a ratio between digital certificates revoked by the first certificate authority and digital certificates issued by the first certificate authority; the first certificate authority being compromised; and an administrative reason affecting the first certificate authority selected from the group consisting of: a change of a name of the first certificate authority, a shutdown of the first certificate authority, a change of a platform of the first certificate authority, and maint
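As an added example, not code from the patent or its assignee, the following Python sketch models the claimed rollover: the threshold checks of claims 12 and 13 on a first CA's revocation record and elapsed lifetime, then the ordered steps of claims 1 to 8 (trust the second CA first, stop the first CA issuing and enable the second, revoke and re-issue under the same unique identifiers, then remove trust in the first CA). Class and function names, the thresholds and the three-node scenario are assumptions.

```python
from dataclasses import dataclass, field

@dataclass
class CA:  # assumed model of a certificate authority, not the patent's own code
    name: str
    created_day: int
    issuing_enabled: bool = True
    valid: set = field(default_factory=set)  # unique identifiers of valid, unrevoked certs
    crl: list = field(default_factory=list)  # certificate revocation record
    def issue(self, uid):
        if not self.issuing_enabled:  # claim 7: only a CA enabled to issue may issue
            raise RuntimeError(f"{self.name} is not enabled to issue")
        self.valid.add(uid)

    def revoke(self, uid):
        self.valid.remove(uid)
        self.crl.append(uid)

def revocation_condition(ca, today, max_crl_entries, max_revoked_ratio, max_age_days):
    """Claims 12/13: a condition is fulfilled when its characteristic is >= its threshold."""
    checks = {
        "crl_entries": len(ca.crl) >= max_crl_entries,
        "revoked_ratio": len(ca.crl) / max(1, len(ca.valid) + len(ca.crl)) >= max_revoked_ratio,
        "elapsed_lifetime": today - ca.created_day >= max_age_days,
    }
    return {name for name, fulfilled in checks.items() if fulfilled}

def rollover(old, new, nodes):
    """Claims 1-8 in order: trust new CA, swap issuing, revoke and re-issue, drop old trust."""
    for trust in nodes:
        trust.add(new.name)                                 # claims 2/3: add trust first
    old.issuing_enabled, new.issuing_enabled = False, True  # claims 4/6: swap issuing
    reissued = []
    for uid in sorted(old.valid):
        old.revoke(uid)                                     # claim 1: first CA revokes
        new.issue(uid)                                      # claim 1: same unique id
        reissued.append(uid)
    for trust in nodes:
        trust.discard(old.name)                             # claim 8: remove old trust
    return reissued

def demo(today=720):  # constructed scenario: three nodes trust CA-1; four certs, one revoked
    ca1, ca2 = CA("CA-1", created_day=0), CA("CA-2", created_day=700, issuing_enabled=False)
    nodes = [{"CA-1"} for _ in range(3)]
    for uid in ("node-a", "node-b", "node-c", "node-d"):
        ca1.issue(uid)
    ca1.revoke("node-d")
    triggers = revocation_condition(ca1, today, max_crl_entries=1, max_revoked_ratio=0.5, max_age_days=365)
    reissued = rollover(ca1, ca2, nodes) if triggers else []
    return triggers, reissued, nodes, ca1, ca2
```

Because the check is `>=`, a CA-1 that is old enough or whose revocation record is long enough trips the condition even when the revoked ratio is still below its threshold, and every node ends up trusting only CA-2.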

Assignees

Ericsson Telefon Ab L M

Inventors

Classifications

  • H04L9/3268 (primary CPC): using certificate validation, registration, distribution or revocation, e.g. certificate revocation list [CRL]

Patent family

Related publications grouped by family.

External sources

Frequently asked questions

What does patent US9960923B2 cover?
A method in which a first certificate authority, once a revocation condition is fulfilled, revokes digital certificates that are still valid, and a second certificate authority issues replacement certificates for them (see the abstract above).
Who is the assignee on this patent?
Ericsson Telefon Ab L M
What technology area does this patent fall under?
Primary CPC classification H04L9/3268. Mapped technology areas include Electricity.
When was this patent published?
Publication date May 1, 2018 (B2). Legal status and post-grant events are not shown on this page.
What related patents are in patentsdb?
We list 8 related publications on this page (citations in our corpus or others sharing the same primary CPC).